2021-08-19 | Huntress Labs | John Hammond
Microsoft Exchange Servers Still Vulnerable to ProxyShell Exploit
2021-07-27 | YouTube (SANS Institute) | John Hammond, Katie Nickels
SANS Threat Analysis Rundown - Kaseya VSA attack
REvil
2021-07-20 | Huntress Labs | John Hammond
Security Researchers’ Hunt to Discover Origins of the Kaseya VSA Mass Ransomware Incident
REvil
2021-07-19 | Washington Post | Ellen Nakashima, John Hudson
U.S., allies accuse China of hacking Microsoft and condoning other cyberattacks (APT40)
2021-07-18 | CitizenLab | Bill Marczak, John Scott-Railton, Ron Deibert, Siena Anstis
Independent Peer Review of Amnesty International’s Forensic Methods for Identifying Pegasus Spyware
Chrysaor
2021-07-15 | CitizenLab | Bahr Abdul Razzak, Bill Marczak, John Scott-Railton, Kristin Berdan, Ron Deibert
Hooking Candiru Another Mercenary Spyware Vendor Comes into Focus
Chainshot
2021-07-14 | Medium TowardsDataScience | John “Turbo” Conwell
Domain Blooms: Identifying Domain Name Themes Targeted By Threat Actors
2021-07-13 | YouTube (John Hammond) | John Hammond
JScript Deobfuscation - More WSHRAT (Malware Analysis)
Houdini
2021-07-06 | Palo Alto Networks Unit 42 | John Martineau
Understanding REvil: The Ransomware Gang Behind the Kaseya Attack
Gandcrab REvil
2021-06-01 | SpecterOps | Jonathan Johnson
Evadere Classifications
2021-05-18 | Sophos | Greg Iddon, John Shier, Mat Gangwer, Peter Mackenzie
The Active Adversary Playbook 2021
Cobalt Strike MimiKatz
2021-05-13 | DomainTools | John “Turbo” Conwell, Tim Helming
Domain Blooms: Identifying Domain Name Themes Targeted By Threat Actors
2021-04-22 | Splunk | Dave Herrald, Drew Church, James Brodsky, John Stoner, Katie Brown, Marcus LaFerrera, Michael Natkin, Mick Baccio, Ryan Kovar
SUPERNOVA Redux, with a Generous Portion of Masquerading
SUPERNOVA
2021-04-21 | Splunk | Bill Wright, Dave Herrald, James Brodsky, John Stoner, Kelly Huang, Marcus LaFerrera, Michael Natkin, Mick Baccio, Ryan Kovar, Shannon Davis, Tamara Chacon
Monitoring Pulse Connect Secure With Splunk (CISA Emergency Directive 21-03)
2021-04-05 | Huntress Labs | John Hammond
From PowerShell to Payload: An Analysis of Weaponized Malware
2021-03-26 | Imperva | Daniel Johnston
Imperva Observes Hive of Activity Following Hafnium Microsoft Exchange Disclosures
CHINACHOPPER
2021-03-12 | Splunk | Amy Heng, Dave Herrald, Derek King, James Brodsky, John Stoner, Jose Hernandez, Marcus LaFerrera, Michael Haag, Mick Baccio, Ryan Kovar, Shannon Davis
Detecting Microsoft Exchange Vulnerabilities - 0 + 8 Days Later…
2021-03-09 | YouTube (John Hammond) | John Hammond
HAFNIUM - Post-Exploitation Analysis from Microsoft Exchange
CHINACHOPPER
2021-03-03 | Huntress Labs | John Hammond
Rapid Response: Mass Exploitation of On-Prem Exchange Servers
CHINACHOPPER HAFNIUM
2021-03-01 | YouTube (John Hammond) | John Hammond
Mozi Malware - Finding Breadcrumbs...
Mozi